About Authorizations

Authorizations are stored in the /etc/security/auth_attr file. To create an application that uses authorizations, take the following steps:

1. Scan the /etc/security/auth_attr file for one or more appropriate authorizations.

2. Check for the required authorization at the beginning of the program using the chkauthattr(3SECDB) function. The chkauthattr() function searches for the authorization in order in the following locations:

   a. AUTHS_GRANTED key in the policy.conf(4) database – AUTHS_GRANTED indicates authorizations that have been assigned by default.

   b. PROFS_GRANTED key in the policy.conf(4) database – PROFS_GRANTED indicates rights profiles that have been assigned by default. chkauthattr() checks these rights profiles for the specified authorization.

   c. The user_attr(4) database – This database stores security attributes that have been assigned to users.

   d. The prof_attr(4) database – This database stores rights profiles that have been assigned to users.

   If chkauthattr() cannot find the right authorization in any of these places, then the user is denied access to the program.

3. Let the administrator know which authorizations are required for this application. You can inform the administrators through man pages or other documentation.

Example 2–3 Checking for Authorizations

The following code snippet demonstrates how the chkauthattr() function can be used to check a user's authorization. In this case, the program checks for the solaris.job.admin authorization. If the user has this authorization, the user is able to read or write to other users' files. Without the authorization, the user can operate on owned files only.
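The check described above, as an added example that is not the listing from the original page: a file-access decision that lets owners through and requires the authorization for everyone else. The helper names, the user "jobadmin" and the non-Solaris stand-in for chkauthattr() are assumptions made so the block runs offline; on Solaris the real function from libsecdb is used.

```c
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#ifdef __sun
#include <auth_attr.h>   /* chkauthattr(3SECDB); link with -lsecdb */
#include <secdb.h>
#else
/* Constructed stand-in so the example runs off Solaris: only the
 * hypothetical user "jobadmin" holds the authorization. */
static int chkauthattr(const char *authname, const char *username)
{
    return strcmp(authname, "solaris.job.admin") == 0 &&
           strcmp(username, "jobadmin") == 0;
}
#endif

#define JOB_ADMIN_AUTH "solaris.job.admin"   /* name as given in the text */

/* Returns 1 if `username` (running as caller_uid) may read or write a file
 * owned by owner_uid, 0 otherwise. Owners always may; anyone else needs
 * the authorization. A missing user name fails closed. */
int may_access_file(const char *username, uid_t caller_uid, uid_t owner_uid)
{
    if (caller_uid == owner_uid)
        return 1;
    if (username == NULL || *username == '\0')
        return 0;
    return chkauthattr(JOB_ADMIN_AUTH, username) == 1;
}

/* Same decision for the calling process. The name is resolved from the
 * real UID, never from LOGNAME or USER, which the caller controls. */
int caller_may_access_file(uid_t owner_uid)
{
    uid_t uid = getuid();
    struct passwd *pw = getpwuid(uid);

    return may_access_file(pw != NULL ? pw->pw_name : NULL, uid, owner_uid);
}

int main(void)
{
    /* Constructed check: may the caller touch a file owned by UID 0? */
    return caller_may_access_file(0) ? 0 : 1;
}
```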